ISO/IEC JTC 1/SC 7 - Software and systems engineering

This document provides management guidelines to the organizational profile specified in ISO/IEC 29110-4-2 through organizational management, product portfolio management, resource management and process management processes. This document applies to VSEs that develop software or works thru operating processes. This document is intended to be used with any processes, techniques and methods that enhance the VSEs’ customer satisfaction and productivity.

This document defines a process assessment model for safety processes, conforming to the requirements of ISO/IEC 33004, for use in performing a process assessment in accordance with the requirements of ISO/IEC 33002. This document supports the use of the process assessment models for system and software life cycle processes (ISO/IEC TS 33060 and ISO/IEC TS 33061) when applied to assessment of processes in the development of (functional or non-functional) safety related systems in order to make consistent judgment regarding either process quality or improvement priorities, or both.

This document provides guidelines for very small entities (VSEs) that want to reinforce their agile environment to develop software using an agile approach with practices of the ISO/IEC 29110 series. This document is applicable to VSEs that do not develop business- or safety-critical products.

This document covers the following information technology asset management (ITAM) system processes: a) management system processes for the overall system of IT asset management (not described in ISO/IEC 19770-1 in detail), which are specified in this document for comprehensive coverage and consistency of explanations; these include: — understanding the external context and shareholder needs (7.1, 7.2 and 10.2); — leadership, policy and organization (10.3); — establishing and maintaining the management system (10.4); — planning and risk management (10.5); — support (including resources, competence, awareness, and communication – 10.6); — executing functional and life cycle processes (10.7); — performance evaluation and improvement (10.8); b) functional management processes for IT assets (not described in ISO/IEC 19770-1 in detail), which are cross-cutting processes that integrate with life-cycle processes for IT assets and which are shared with most IT management system standards, though sometimes slightly differently grouped; these include: — change management (11.2; also required by ISO/IEC 19770-1); — data management; — license management; — security management; — relationship and contract management; — financial management; — service level management; — other risk management; c) life cycle management processes for IT assets as specified in ISO/IEC 19770-1, which are grouped and named slightly differently by different methodologies; these include: — specification; — development; — acquisition; — release; — deployment; — operation; — retirement. This document is applicable to all ITAM implementations. This document can be applied to all types of IT assets and by all types and sizes of organizations.

This document defines the requirements for capabilities of build and deployment tools to support and automate building, packaging, and deploying work. This document is intended for use in evaluating and selecting build and deployment tools according to the procedures defined in ISO/IEC 20741. This document is applicable to different development methodologies and approaches (e.g. Waterfall, Agile, or DevOps).

This document defines a process assessment model for system life cycle processes, conformant with the requirements of ISO/IEC 33004, for use in performing a conformant assessment in accordance with the requirements of ISO/IEC 33002.

This document defines a process assessment model for quantitative processes, conforming to the requirements of ISO/IEC 33004, for use in performing a process assessment in accordance with the requirements of ISO/IEC 33002.

This document describes processes targeted at VSEs that want to sustain and grow as an independent competitive system development organization. This document provides management and engineering guidelines for the systems engineering Advanced profile of the generic profile group. This document is applicable to VSEs that do not develop critical systems and have little or no experience with systems engineering (SE) process planning and implementation using the ISO/IEC/IEEE 15288. This document is also applicable to VSEs which are familiar with the management and engineering guidelines of the systems engineering Intermediate profile (ISO/IEC TR 29110 5-6-3) for their system development projects and are involved in the development of more than one project in parallel with more than one work team.

This document provides the management and engineering guidelines to the software Entry profile specified in ISO/IEC 29110-4-1 through project management and software implementation processes. This document applies to VSEs that do not develop safety-critical software. This document applies for software development projects, which can fulfil an external or internal agreement. This document applies to start-up VSEs (e.g. VSEs that started their operation less than three years ago) and/or VSEs working on small projects (e.g. projects with a size of less than six person-months).

This document provides management and engineering guidelines to the software Basic profile specified in ISO/IEC 29110-4-1 through project management and software implementation processes. This document applies to VSEs that do not develop safety-critical software. This document applies for software development projects, which can fulfil an external or internal agreement. This document is applicable to VSEs developing a single product by a single work team.

This document defines a method for measuring the non-functional size of the software. It complements ISO/IEC 20926:2009, which defines a method for measuring the functional size of the software. This document also describes the complementarity of functional and non-functional sizes, so that deriving the sizes from the functional and the non-functional requirements does not result in duplication in the distinct functional and non-functional sizes. In general, there are many types of non-functional requirements. Moreover, non-functional requirements and their classification evolve over time as the technology advances. This document does not intend to define the type of NFR for a given context. Users can choose ISO 25010 or any other standard for the definition of NFR. It is assumed that users size the NFR based on the definitions they use. This document covers a subset of non-functional requirements. It is expected that, with time, the state of the art can improve and that potential future versions of this document can define an extended coverage. The ultimate goal is a version that, together with ISO/IEC 20926:2009, covers every aspect that can be required of any prospective piece of software, including aspects such as process and project directives that are hard or impossible to trace to the software's algorithm or data. The combination of functional and non-functional sizes would then correspond to the total size necessary to bring the software into existence. Estimating the cost, effort and duration of the implementation of the NFR is outside the scope of this document.

This document defines an efficient and consistent solution for keyword-driven testing by: — giving an introduction to keyword-driven testing; — providing a reference approach to implement keyword-driven testing; — defining requirements on frameworks for keyword-driven testing to enable testers to share their work items, such as test cases, test data, keywords, or complete test specifications; — defining requirements for tools that support keyword-driven testing; these requirements are applicable to any tool that supports the keyword-driven approach (e.g. test automation, test design and test management tools); — defining interfaces and a common data exchange format to ensure that tools from different vendors can exchange their data (e.g. test cases, test data and test results); — defining levels of hierarchical keywords, and advising use of hierarchical keywords; this includes describing specific types of keywords (e.g. keywords for navigation or for checking a value) and when to use "flat" structured keywords; — providing an initial list of example generic technical (low-level) keywords, such as "inputData" or "checkValue"; these keywords can be used to specify test cases on a technical level and can be combined to create business-level keywords as required. This document is applicable to all those who want to create keyword-driven test specifications, create corresponding frameworks, or build test automation based on keywords.

This document defines quality measures for quantitatively evaluating cloud services quality in terms of characteristics and sub-characteristics defined in ISO/IEC TS 25052-1 and is intended to be used together with ISO/IEC TS 25052-1. This document contains the following: — a basic set of quality measures for each characteristic and sub-characteristics; — an explanation of how to apply quality measures to cloud services. Since the quality model defined in ISO/IEC TS 25052-1 is the extension to the existing quality models defined in ISO/IEC 25010 to ISO/IEC 25019, it can be used with the product quality model, IT service quality model, data quality model, and quality-in-use model according to evaluation purposes. For the same reason, the quality measures defined in this document can also be used with the quality measures for software ICT products, IT services, data, and quality-in-use. As there are several cloud service categories, this document focuses on the quality model of SaaS (software as a service). This document does not address PaaS (platform as a service) and IaaS (infrastructure as a service).

This document describes a set of useful activities, tasks, methods, and practices that acquirers of software and related services from unrelated (external) suppliers can apply to help ensure an efficient and effective acquisition of software or software services. These practices can be applied in competitive and in sole source procurements, regardless of the type, size, complexity, and cost of the acquisition. The document can be applied to software that runs on any computer system regardless of its size, complexity, or criticality. The software supply chain can include integration of off-the-shelf (OTS), custom, software as a service (SaaS), or open-source software. Software services can include software development and sustainment (maintenance), integration, verification (testing) and operation. Security and safety are included as attributes to be considered during the acquisition. However, specific requirements for acquisition of information assurance (security), safety, and cloud services are not included.

This document provides a specification for associating the processes of ISO/IEC TS 33073 with the process attribute outcomes of ISO/IEC 33020 with the intent of demonstrating support for levels 1 to 3 of the process capability measurement scale defined in ISO/IEC 33020.

This document provides a specification for associating the life cycle processes of ISO/IEC/IEEE 12207 with the process attribute outcomes of ISO/IEC 33020 with the intent of demonstrating support for levels 1 to 3 of the process capability measurement scale defined in ISO/IEC 33020.

This document provides the framework for quality evaluation of ICT (information and communication technology) products (including software products), data, and IT services, which includes its concepts, and requirements, and recommendations for its processes to be implemented and enhanced. This document is applicable for those who need to perform quality evaluations on target entities, including development organization (integrators, developers, and quality assurance group), acquirers, IT service providers, and independent evaluators. This document does not provide specific test methods for quality evaluation or guidance on utilizing evaluation results.

This document defines a set of core practices and concepts that have wide acceptance in organizations and industries using agile practices and concepts. This document defines a set of core practices that are present in agile methodologies. The practices and concepts defined in this document are applicable to a single agile team, as well as to multiple agile teams. These practices and concepts are applicable throughout the life cycle of software systems, products and services.

This document contains guidance for certification that can be used by certification or qualification bodies regarding the description of knowledge, skill and competence within their particular schemes based on ISO/IEC 24773-1.

This document defines the terms common to the ISO/IEC 29110 series. This document is applicable to very small entities (VSEs), and their customers, assessors, standards producers, tool vendors and methodology vendors.

This document establishes the major concepts required to understand and use the ISO/IEC 29110 series. It specifies the characteristics and requirements of a VSE, and clarifies the rationale for VSE-specific profiles, documents, profile specifications and guidelines. This document introduces the taxonomy (catalogue) of ISO/IEC 29110 profiles and the ISO/IEC 29110 series. This document is applicable to a VSE but can also be used by an entity that is larger than a VSE.

This document provides guidance for the life cycle management of systems and software, complementing the processes described in ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207. This document: — addresses systems concepts and life cycle concepts, models, stages, processes, process application, key points of view, adaptation and use in various domains and by various disciplines; — establishes a common framework for describing life cycles, including their individual stages, for the management of projects that provide or acquire either products or services; — defines the concept of a life cycle; — supports the use of the life cycle processes within an organization or a project; organizations and projects can use these life cycle concepts when acquiring and supplying either products or services; — provides guidance on adapting a life cycle model and the content associated with a life cycle or a part of a life cycle; — describes the relationship between life cycles and their use in applying the processes in ISO/IEC/IEEE 15288 (systems aspects) and ISO/IEC/IEEE 12207 (software systems aspects); — shows the relationships of life cycle concepts to the hardware, human, services, process, procedure, facility and naturally occurring entity aspects of projects; — describes how its concepts relate to detailed process standards, for example, in the areas of measurement, project management, risk management and model-based systems and software engineering.

The proposed project is a revision of ISO/IEC/IEEE 24748-2:2018, Systems and software engineering — Life cycle management — Part 2: Guidelines for the application of ISO/IEC/IEEE 15288 (System life cycle processes). There are no scope changes. ISO/IEC/IEEE 24748-2 is a guideline for the application of ISO/IEC/IEEE 15288. It addresses system, life cycle, organizational, project, and process, concept application, principally through reference to ISO/IEC/IEEE 24748-1 and ISO/IEC/IEEE 15288. It gives guidance on applying ISO/IEC/IEEE 15288 from the aspects of strategy, planning, application in organizations, and application on projects. It also provides comparison of the differences between ISO/IEC/IEEE 15288 current revision and the prior version, ISO/IEC 15288:2015.

This document establishes a framework for defining quality models which are composed of quality characteristics and sub-characteristics. In particular, this document provides: — the concept of a quality model; — the structure and semantics of quality models; — the relationship between quality models and the other concepts, including measurement, requirement definition, and evaluation; — guidelines, requirements and examples for using quality models.

This document provides specifications for a transport format which enables the digital encapsulation of this data. This document refers to an encapsulation of hardware identification (HWID) data as a HWID tag, just as ISO/IEC 19770-2 refers to software identification (SWID) tags for software identification. This document applies to the following. — Tag producers: organizations that create HWID tags for use by others in the market. A tag producer can be part of the organization creating the hardware or a third-party organization. These organizations can be broken down into two major categories. — Device or component providers: entities responsible for the manufacturing or creation of the hardware device and/or associated operating system, virtual environment, or application platform. Platform providers which support this document can additionally provide tag management capabilities at the level of the platform or operating system. — Tag tool providers: entities that provide tools to create hardware identification tags. For example, tools within development environments that generate hardware identification tags, or installation tools that can create tags on behalf of the installation process, and/or desktop management tools that can create tags for underlying hardware, virtual machines, or platforms that did not originally have a hardware identification tag. — Tag consumers: tools and/or organizations who utilize information from HWID tags are broken down into the following two major categories. — Device or component consumers: entities that purchase, install, integrate, and/or otherwise deploy physical or virtual hardware or components. — IT discovery and processing tool providers: entities that provide tools to collect, store, and process hardware identification tags. These tools may be targeted at a variety of different market segments, including security, asset management, and logistics. This document deals only with hardware device or component identification. This document does not detail information technology asset management (ITAM) processes required for discovery and management of hardware (which is provided in ISO/IEC 19770-1) software identification tags (as defined by ISO/IEC 19770-2), entitlement tags (as defined by ISO/IEC 19770-3), or resource utilization measurements (as defined by ISO/IEC 19770-4).

This document defines a quality-in-use model composed of three characteristics (which are further subdivided into sub-characteristics) that can influence stakeholders when products or systems are used in a specified context of use. This model is applicable to the entire spectrum of information system and IT service system, including both computer systems in use and software products in use. This document provides a set of quality characteristics for specifying, measuring, evaluating and improving quality-in-use. In this document, because context of use is specified as prerequisite of quality-in-use, context of use is necessary to be re-specified to change prerequisite when a product or service intend to fulfil to context of use changes. The model can be applied, in particular, by those responsible for specifying and evaluating software product quality, such as developers, acquirers, quality assurance and control staff, and independent evaluators. Activities during product development that can benefit from the use of the quality model can include, but are not limited to: — identifying requirements for information system and IT service system in use; — validating the comprehensiveness of a quality-in-use requirements specification; — identifying information system and IT service system design objectives for quality-in-use; — identifying quality-in-use control criteria as part of overall quality assurance; — identifying acceptance criteria for information system and IT service system or information systems; — establishing measures to address the consequences of using products in specified context-of -use; — presenting evaluation items for ethics considerations when using information system and IT service system; — supporting governance of digitalization activities.

This document defines a product quality model, which is applicable to ICT (information and communication technology) products and software products. The product quality model is composed of nine characteristics (which are further subdivided into subcharacteristics) that relate to quality properties of the products. The characteristics and subcharacteristics provide a reference model for the quality of the products to be specified, measured and evaluated. NOTE 1 In this document, a product refers to an ICT product that is part of an information system. ICT product components include subsystems, software, firmware, hardware, data, communication infrastructure, and other elements that are part of the ICT product. This model can be used for requirements specification and evaluation of the target products’ quality throughout their lifecycle by several stakeholders, including developers, acquirers, quality assurance and control staff and independent evaluators. Activities in the product lifecycle that can benefit from the use of this model include: — eliciting and defining product and information system requirements; — validating the comprehensiveness of requirements definition; — identifying product and information system design objectives, and design necessary process for achieving quality; — identifying product and information system testing objectives; — identifying quality control criteria as the part of quality assurance; — identifying acceptance criteria for a product and/or an information system; — establishing measures of product quality characteristics in support of these activities. NOTE 2 Usage of the quality model for measurement is explained in Annex C.

This document specifies the concept of integrity levels with the corresponding integrity level requirements for achieving the integrity levels. Requirements and recommended methods are provided for defining and using integrity levels and their corresponding integrity level requirements. This document covers systems, software products, and their elements, as well as relevant external dependences. This document is applicable to systems and software and is intended for use by: a) definers of integrity levels such as industry and professional organizations, standards organizations, and government agencies; b) users of integrity levels such as developers and maintainers, suppliers and acquirers, system or software users, assessors of systems or software and administrative and technical support staff of systems and/or software products. One important use of integrity levels is by suppliers and acquirers in agreements, for example, to aid in assuring safety, financial, or security characteristics of a delivered system or product. This document does not prescribe a specific set of integrity levels or their integrity level requirements. In addition, it does not prescribe the way in which integrity level use is integrated with the overall system or software engineering life cycle processes. It does, however, provide an example of use of this document in Annex A.

This document: — describes frequently occurring risks during development and maintenance of custom software; — describes possible controls for frequently occurring risks; — describes the related: — activities, facilities and roles typically used for these controls; — properties of products and processes; — standards, measurements, testing and assessment of the properties of products and processes.

This document: — provides supplemental requirements and guidance for the planning and performing of the integration processes given in ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207; — provides guidance on the relationship between the integration process and other life cycle processes. — specifies requirements for information items to be produced as a result of using the integration process, including the content of the information items. This document is applicable to: — those who use or plan to use ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288, or both, on projects dealing with human-made systems, software-intensive systems, and products and services related to those systems, regardless of the project scope, methodology, size, or complexity; — anyone planning or performing integration activities to aid in ensuring that the application of the integration process and its relationships to other system life cycle processes conform to ISO/IEC/IEEE 15288 or ISO/IEC/IEEE 12207.

This document defines system engineering and management requirements for the life cycle of websites, including strategy, design, engineering, testing and validation, and management and sustainment for intranet and extranet environments. This document applies to those using web technology to present information and communications technology (ICT) information, such as information for users of systems and services, plans and reports for systems and software engineering projects, and documentation of policies, plans, and procedures for IT service management. This document provides requirements for website owners and website providers, managers responsible for establishing guidelines for website development and operations, website engineers, designers, developers, and operations and maintenance staff, who can be external or internal to the website owner's organization. It applies to websites for public access and for limited access, such as for users, customers, and subscribers seeking information on IT systems, products and services. The requirements and recommendations in this document address the following aspects of usability of informational websites and ease of maintenance of managed website operations: a) locating relevant and timely information; b) applying information security management; c) facilitating accessibility and ease of use; d) providing for consistent and efficient development and maintenance practices. This document is not particularly applicable to websites used primarily for marketing or sales, to deliver instructional material (tutorials), or to provide graphical user interfaces (GUI) for business or consumer transactional application processing. However, this document can provide useful insights for managing such sites. This document does not address vendor and product considerations for website engineering and management. This document does not include specifications for application development tools, programming and scripting languages used for websites, metadata tags, or protocols for network communications. It does not address tools or systems used for management or storage of information content (data, documents) that can be presented on websites. This document does not address the design and architecture of software and systems supporting the Internet.

This document elaborates requirements and recommendations for certifications schemes based on ISO/IEC 24773-1, which are specific to the domain of software engineering.

This document provides requirements and guidance on the application of system and software engineering processes to systems for epidemic prevention and control. This document provides guidance that can be employed for adopting and applying system and software life cycle processes within an organization or a project in an epidemic emergency. It includes system of systems considerations in the context of epidemic emergency. This document applies to acquisition, supply, development, operation, maintenance, and disposal (whether performed internally or externally to an organization) of system or system of systems in an epidemic emergency. Many of the requirements and recommendations in this document are also applicable to other systems developed rapidly to respond to emergency conditions affecting the public.

This document deals with the tool capabilities and methods for model-based systems and software engineering (MBSSE). This document: — specifies a reference model for the overall structure and processes of MBSSE-specific processes, and describes how the components of the reference model fit together; — specifies interrelationships between the components of the reference model; — specifies MBSSE-specific processes for model-based systems and software engineering; the processes are described in terms of purpose, inputs, outcomes and tasks; — specifies methods to support the defined tasks of each process; — specifies tool capabilities to automate or semi-automate tasks or methods. This document does not bring any additional life cycle processes for system and software but specifies an MBSSE reference model considered as activities, not only from the life cycle perspectives of systems engineering problem solving and the system-of-interest evolution, but also from the cognitive perspectives of modelling and model management, which can sustain and facilitate the system and software life cycle processes during digital transformation and in the digital age. The processes defined in this document are applicable for a single project, as well as for an organization performing multiple projects or an enterprise. These processes are applicable for managing and performing the systems and software engineering activities based on models within any stage in the life cycle of a system-of-interest.

This document establishes a common framework of process descriptions for describing the life cycle of systems created by humans, defining a set of processes and associated terminology from an engineering viewpoint. These processes can be applied to systems of interest, their system elements, and to systems of systems. Selected sets of these processes can be applied throughout the stages of a system's life cycle. This is accomplished through the involvement of stakeholders, with the ultimate goal of achieving customer satisfaction. This document defines a set of processes to facilitate system development and information exchange among acquirers, suppliers, and other stakeholders in the life cycle of a system. This document specifies processes that support the definition, control, and improvement of the system life cycle processes used within an organization or a project. Organizations and projects can use these processes when acquiring and supplying systems. This document applies to organizations in their roles as both acquirers and suppliers. This document applies to the full life cycle of systems, including conception, development, production, utilization, support and retirement of systems, and to the acquisition and supply of systems, whether performed internally or externally to an organization. The life cycle processes of this document can be applied iteratively and concurrently to a system and recursively to the system elements. This document applies to one-of-a-kind systems, mass-produced systems, and customised, adaptable systems. It also applies to a complete stand-alone system and to systems that are embedded and integrated into larger more complex and complete systems. This document does not prescribe a specific system life cycle model, development methodology, method, modelling approach or technique. This document does not detail information items in terms of name, format, explicit content, and recording media. ISO/IEC/IEEE 15289 addresses the content for life cycle process information items (documentation).

This document provides an overview of process assessment and interprets the requirements of ISO/IEC 33002 and ISO/IEC 33004 through the provision of guidance on the selection and use of assessment models, documented assessment processes, and instruments or tools for assessment. Process assessment is applicable in the following circumstances: a) by or on behalf of an organization with the objective of understanding the state of its own processes for process improvement; b) by or on behalf of an organization with the objective of determining the suitability of its own processes for a particular requirement or class of requirements; c) by or on behalf of one organization with the objective of determining the suitability of another organization's processes for a particular contract or class of contracts.

This document specifies requirements for efficient development and management of information produced — throughout the life cycle of a system and software product; — for the provision of information for users of systems and software; — for the management of IT and support services. This document is independent of the tools, protocols, and systems used for content management. It does not address configuration management of software assets. The content management process presented in Clauses 6 to 10 is a specialization (lower-level process) of the information management process specified in ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207.

This document, within the context of methods and tools that support the configuration management (CM) capability of software and systems product line engineering: — specifies processes for product line CM (the processes are described in terms of purpose, inputs, tasks, and outcomes); — specifies method capabilities to support the defined tasks of each process; — specifies tool capabilities that automate or semi-automate tasks and methods. This document does not concern the processes and capabilities of tools and methods for a single system but rather deals with those for a family of products.

This document, within the context of methods and tools that support the product line measurement and management and that demonstrate the quality of the products and a product line: — specifies processes for product line measurement (the processes are described in terms of purpose, inputs, tasks and outcomes); — specifies method capabilities to support the defined tasks of each process; — specifies tool capabilities that automate or semi-automate tasks and methods. This document does not concern the processes and capabilities of tools and methods for a single system but rather deals with those for a family of products.

This document: — gives information for software testers for the systematic, risk-based testing of biometric systems and larger systems which include biometric subsystems; — establishes the importance of both biometric standards and software testing standards and provides overviews of both areas and their standardization; — specifies the most important biometric standards for software testers of biometric systems; — provides information for software testers who wish to conform to both the relevant biometrics standards and the ISO/IEC/IEEE 29119 series of software testing standards by providing mappings between the two sets of standards; — is not limited to the testing of the technical performance of biometric systems in terms of error rates and throughput rates, but instead covers the testing of the full range of relevant quality characteristics, such as reliability, availability, maintainability, security, conformance, usability, human factors, and privacy regulation compliance; — gives information on applying a risk-based testing approach to the testing of biometric systems that covers the full range of product and project risks; — provides testers with an example set of product and project risks associated with biometric systems along with suggestions on how these risks can be treated as part of a risk-based approach to the testing; — includes mappings between the documentation requirements of ISO/IEC 19795-1, ISO/IEC 19795-2 and ISO/IEC 19795-6 and the software test documentation defined by ISO/IEC/IEEE 29119-3.

The standard establishes a set of processes by which engineers and technologists can include consideration of ethical values throughout the stages of concept exploration and development, which encompass system initiation, analysis, and design. This standard provides engineers and technologists with an implementable process aligning innovation management processes, system design approaches, and software engineering methods to help address ethical concerns or risks during system design. IEEE Std 7000™ does not give specific guidance on the design of algorithms to apply ethical values such as fairness and privacy.

This document specifies requirements for the structure and expression of an architecture description (AD) for various entities, including software, systems, enterprises, systems of systems, families of systems, products (goods or services), product lines, service lines, technologies and business domains. This document distinguishes the architecture of an entity of interest from an AD expressing that architecture. Architectures are not the subject of this document. This document specifies requirements for use of the architectural concepts and their relationships as captured in an AD. It does not specify requirements for any entity of interest or its environment. This document specifies requirements for an architecture description framework (ADF), an architecture description language (ADL), architecture viewpoints and model kinds in order to usefully support the development and use of an AD. This document specifies conformance to the requirements for an AD, ADF, ADL, architecture viewpoint and model kind. This document does not specify the processes, architecting methods, models, notations, techniques or tools by which an AD is created, utilized or managed. This document does not specify any format or media for recording an AD.

This document specifies requirements for structure terminology of assurance cases. This document is applicable for developing and maintaining assurance cases.

This document provides requirements and guidance on the implementation of DevOps to define, control, and improve software life cycle processes. It applies within an organization or a project to build, package, and deploy software and systems in a secure and reliable way. This document specifies practices to collaborate and communicate effectively in groups including development, operations, and other key stakeholders. This document applies a common framework for software life cycle processes, with well-defined terminology. It contains processes, activities, and tasks that are to be applied to the full life cycle of software systems, products, and services, including conception, development, production, utilization, support, and retirement. It also applies to the acquisition and supply of software systems, whether performed internally or externally to an organization. These life cycle processes are accomplished through the involvement of stakeholders, with the ultimate goal of achieving customer satisfaction. The life cycle processes of this document can be applied concurrently, iteratively, and recursively to a software system and incrementally to its elements. This document applies to software systems, products, and services, and the software portion of any system. Software includes the software portion of firmware. Those aspects of system definition needed to provide the context for software systems, products, and services are included. There is a wide variety of software systems in terms of their purpose, domain of application, complexity, size, novelty, adaptability, quantities, locations, life spans, and evolution. This document describes the processes that comprise the life cycle of software systems. It therefore applies to one-of-a-kind software systems, software systems for wide commercial or public distribution, and customized, adaptable software systems. It also applies to a complete stand-alone software system and to software systems that are embedded and integrated into larger, more complex, and complete systems.

This document defines the quality model of cloud services. The quality model of cloud services is composed of nine characteristics (some of which are further subdivided into subcharacteristics), which provide consistent terminology for specifying, measuring and evaluating cloud services so that the stakeholders, cloud service customer (CSC), cloud service provider (CSP) and cloud service partner (CSN) have a common understanding. Since the quality model in this document is the extension to the existing quality models defined in ISO/IEC 2501n, it can be used with the product quality model, IT service quality model, data quality model, and quality-in-use model according to evaluation purposes. As there are several cloud service categories, this document focuses on the quality model of SaaS (Software as a Service). NOTE Future documents are intended to address PaaS (Platform as a Service) and IaaS (Infrastructure as a Service).

This document specifies general concepts in software testing and presents key concepts for the ISO/IEC/IEEE 29119 series.

This document provides guidance for the maintenance of software, based on the maintenance process and its activities and tasks defined in ISO/IEC/IEEE 12207:2017, 6.4.13. Moreover, this document describes the maintenance process in greater detail and establishes definitions for the various types of maintenance. This includes maintenance for multiple software products with the same maintenance resources. “Maintenance” in this document means software maintenance unless otherwise stated. The document does not address the operation of software and the operational functions, e.g. backup, recovery, system administration, which are normally performed by those who operate the software. However, it does include the related disposal process defined in ISO/IEC/IEEE 12207:2017, 6.4.14. This document is written primarily for managers, maintenance organizations, quality managers, users and acquirers of systems containing software. Many of the activities and tasks discussed in this document apply equally to maintenance services, as well as to maintained software products. For example, in a COTS intensive system, maintenance services are performed to sustain the product in operations. While the scope of this document is software maintenance, hardware and hardware costs are important considerations for maintenance.